AUS
NZ
UK
CA
USA
IND
Highlights
- Consumer Discretionary Sector Vulnerable: ASX 200 report ranks the sector as second-worst in cybersecurity readiness, with Webjet and JB Hi-Fi among those at risk.
- Widespread Website Weaknesses: All companies in the sector showed website vulnerabilities, with encryption standards falling by 19 points since 2023.
- Room for Improvement: While some sectors progressed, 46% of ASX 200 companies lack phishing safeguards like DMARC policies.
As the holiday shopping season nears, a new 2024 ASX 200 Security Report by cybersecurity firm UpGuard has unveiled alarming vulnerabilities in Australia's Consumer Discretionary sector. Despite an overall rise in security scores across Australia’s top listed companies, this sector ranked as the second-worst for cybersecurity preparedness, exposing major firms like JB Hi-Fi (ASX:JBH), Webjet (ASX:WEB), and Super Retail Group (ASX:SUL) to heightened breach risks.
Greg Pollock, Head of Research and Insights at UpGuard, noted critical gaps in email and website security in the retail sector. "Scores in these areas are below 700, far below the threshold needed to protect consumers. While these issues are correctable, shoppers must exercise caution with underperforming companies online," Pollock emphasized.
Worrying Trends in the Sector
The report revealed that 100% of Consumer Discretionary companies face website vulnerabilities, with encryption standards suffering a significant 19-point decline since 2023. Webjet, in particular, ranked as the worst-performing company on the ASX 200, and while JB Hi-Fi showed improvements, it still fell within the bottom half for security scores.
These issues are not limited to the Consumer Discretionary sector. Key findings show:
- 46% of ASX 200 companies lack DMARC policies, leaving them vulnerable to phishing attacks.
- Expired or invalid website certificates impacted nearly 24% of companies, while half relied on weak encryption.
- Network vulnerabilities, such as open FTP ports, pose critical risks.
The report cited high-profile breaches like Optus, Latitude Financial, and Medibank as reminders of the persistent threats. Despite these incidents, fundamental protections, including secure email systems and robust supply chain security, remain absent for many organizations.
Sector Gains and Losses
While some sectors like Materials, Communication Services, and Real Estate showed progress, achieving over 30-point improvements, others regressed. The Consumer Discretionary sector saw a 14-point decline, and Energy dropped by 12 points.
However, there were success stories. Coles ranked second overall on the ASX 200, with Woolworths showing substantial progress, improving by 115 points to surpass the 800-point benchmark. Metcash and Endeavour also achieved high marks.
Recommendations for Businesses
To address these issues, the report recommends urgent measures, including:
- Strengthening Encryption Practices: Regular updates and adherence to robust standards.
- Improving Phishing Defenses: Implementing SPF, DKIM, and properly configured DMARC policies.
- Employee Training: Conducting regular phishing simulations to build awareness.
